
IT hardware procurement policy

Originally Published: Apr 2017

A strong hardware procurement policy will ensure that requirements are followed and that all purchases are subject to the same screening and approval processes. This comprehensive policy covers the essential aspects of the purchasing process.

From the policy:

Summary
There are many similarities between purchasing software and hardware—evaluations, vetting vendors, conducting RFPs, developing proofs of concept, and handling contract details. However, there are a few noteworthy differences, since hardware is an asset that involves physical elements, wear and tear, maintenance and repair, different upgrade paths, and often the need for security.

Establishing a purchasing authority and approval chain
A purchasing authority (PA) should be established for hardware procurement. The PA can be either an individual or a group (the finance department, for instance). The PA will be responsible for fulfilling hardware purchases, establishing vendors, developing vendor relationships, utilizing discounts/company credit cards, tracking and documenting orders, performing risk analysis, and monitoring for fraud. This will be achieved by recording all purchases and assets and ensuring that physical property is documented and tracked.

The PA should utilize as few vendors as possible to establish consistency and consolidate purchasing power (a preferred vendor can offer better prices or discounts, for example). Similarly, the PA should establish with the IT department a “standard technology” list of preferred servers, desktops, mobile devices, etc., to provide a consistent environment and reduce complexity. The procurement of “nonstandard technology” should be avoided where possible.

Purchases over a set amount (e.g., $500) must be approved by management. Designated management approvers may consist of the finance head, the IT director, or the departmental VP. At least three approvers should sign off on purchases over this set amount. The legal department (if applicable) should also review contract information.

Where applicable, the security office should be consulted to ensure that the product is appropriate for use in your environment and that there are no vulnerability or exposure concerns.

If approved by the IT department, the request should be sent to the PA. IT staff should not directly purchase hardware, with the exception of emergencies on site or at a remote location.

If the hardware request is declined or changed (whether by IT or the PA), the IT department will notify the requestor of the details and reasoning behind this decision.
